9277 matches found

Kitploit
added 2023/09/03 11:30 a.m. | 47 views

Associated-Threat-Analyzer - Detects Malicious IPv4 Addresses And Domain Names Associated With Your Web Application Using Local Malicious Domain And IPv4 Lists

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists. Installation From Git git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git cd associated-threat-analyzer && pip3...

7.1 AI score
Exploits: 0 | References: 6
Kitploit
added 2023/09/01 12:30 p.m. | 101 views

PurpleOps - An Open-Source Self-Hosted Purple Team Management Web Application

An open-source self-hosted purple team management web application. Key Features Template engagements and testcases Framework friendly Role-based Access Control & MFA Inbuilt DOCX reporting + custom template support How PurpleOps is different: No attribution needed Hackable, no "no-reversing"...

7.3 AI score
Exploits: 0 | References: 2
Cvelist
added 2023/08/31 5:10 p.m. | 52 views

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

3.3 CVSS | 4.3 AI score | 0.00569 EPSS
Exploits: 1 | References: 3
Vulnrichment
added 2023/08/31 5:10 p.m. | 12 views

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

3.3 CVSS | 6.5 AI score | 0.00569 EPSS
Exploits: 1 | References: 3
OSV
added 2023/08/31 5:10 p.m. | 29 views

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

3.3 CVSS | 4.5 AI score | 0.00569 EPSS
Exploits: 1 | References: 5
Kitploit
added 2023/08/30 12:30 p.m. | 55 views

Noir - An Attack Surface Detector Form Source Code

Noir is an attack surface detector form source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools...

7.6 AI score
Exploits: 0 | References: 2
Fedora
added 2023/08/30 1:37 a.m. | 30 views

[SECURITY] Fedora 38 Update: moby-engine-24.0.5-1.fc38

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

8.7 CVSS | 7.3 AI score | 0.02733 EPSS
Exploits: 4
OpenVAS
added 2023/08/30 12:0 a.m. | 24 views

Fedora: Security Advisory for moby-engine (FEDORA-2023-9f5f1ef40a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS | 7.7 AI score | 0.02733 EPSS
Exploits: 4 | References: 2
OSSF Malicious Packages
added 2023/08/29 1:45 a.m. | 2 views

Malicious code in docker-slim-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c43f388e17851e78ffe6cea282489130b04ea50c71f40d951e492b3128f019d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSV
added 2023/08/29 1:45 a.m. | 8 views

MAL-2023-7951 Malicious code in docker-slim-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c43f388e17851e78ffe6cea282489130b04ea50c71f40d951e492b3128f019d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1
Spring Security Advisories
added 2023/08/29 12:0 a.m. | 15 views

My SpringOne 2023 Recap

Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exciting experience, and SpringOne is too. But it was worth it. The SpringOne show surpassed all...

6.5 AI score
Exploits: 0
OSV
added 2023/08/25 6:42 p.m. | 17 views

GHSA-826J-8WP2-4X6Q Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User

Impact A Mass assignment vulnerability was found allowing a non-admin user to escalate privileges to admin user. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch...

8.8 CVSS | 8.7 AI score | 0.00711 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2023/08/25 6:42 p.m. | 36 views

Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User

Impact A Mass assignment vulnerability was found allowing a non-admin user to escalate privileges to admin user. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch...

8.8 CVSS | 6.9 AI score | 0.00711 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/08/25 6:41 p.m. | 11 views

GHSA-256M-J5QW-38F4 Netmaker IDOR Allows User to Update Other User's Password

Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...

7.5 CVSS | 7.4 AI score | 0.00561 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2023/08/25 6:41 p.m. | 28 views

Netmaker IDOR Allows User to Update Other User's Password

Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...

7.5 CVSS | 6.8 AI score | 0.00561 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2023/08/25 6:38 p.m. | 17 views

GHSA-8X8H-HCQ8-JWWX Netmaker has Hardcoded DNS Secret Key

Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will...

7.5 CVSS | 6.9 AI score | 0.03147 EPSS
Exploits: 0 | References: 6
Github Security Blog
added 2023/08/25 6:38 p.m. | 35 views

Netmaker has Hardcoded DNS Secret Key

Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will...

7.5 CVSS | 6.9 AI score | 0.03147 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2023/08/24 11:15 p.m. | 65 views

CVE-2023-32079

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

8.8 CVSS | 8.7 AI score | 0.00711 EPSS
Exploits: 0 | References: 1
Prion
added 2023/08/24 11:15 p.m. | 13 views

Design/Logic Flaw

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

6.5 CVSS | 8.6 AI score | 0.00711 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2023/08/24 10:15 p.m. | 29 views

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5 CVSS | 7.3 AI score | 0.00561 EPSS
Exploits: 0 | References: 3